Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
JR0ch17
January 25, 2022
Technology
57
0
Share
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
190
Getting Started in Bug Bounty
jr0ch17
0
170
Getting Blindly Lucky
jr0ch17
0
100
Qu'est-ce que le bug bounty?
jr0ch17
0
150
Finding 5 bugs in a single parameter
jr0ch17
0
120
Beyond the Borders of Scope
jr0ch17
1
96
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
Gaussian Splattingの実用化 - 映像制作への展開
gpuunite_official
0
160
サンプリングは「作る」のか「使う」のか? 分散トレースのコストと運用を両立する実践的戦略 / Why you need the tail sampling and why you don't want it
ymotongpoo
4
170
生成AIはソフトウェア開発の革命か、ソフトウェア工学の宿題再提出なのか -ソフトウェア品質特性の追加提案-
kyonmm
PRO
2
880
20260516_SecJAWS_Days
takuyay0ne
2
310
試作とデモンストレーション / Prototyping and Demonstrations
ks91
PRO
0
200
可視化から活用へ — Mesh化・Segmentation・アライメントの研究動向
gpuunite_official
0
160
Sociotechnical Architecture Reviews: Understanding Teams, not just Artefacts
ewolff
1
160
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
100k
会社説明資料|株式会社ギークプラス ソフトウェア事業部
geekplus_tech
0
220
Forget technical debt
ufried
0
180
生成AI時代に信頼性をどう保ち続けるか - Policy as Code の実践
akitok_
1
210
AI時代の品質はテストプロセスの作り直し #scrumniigata
kyonmm
PRO
4
1.5k
Featured
See All Featured
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.2k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
550
A Guide to Academic Writing Using Generative AI - A Workshop
ks91
PRO
1
300
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.6k
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
450
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
510
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
200
Speed Design
sergeychernyshev
33
1.6k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
3
130
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
38
2.8k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.4k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
gpuunite_official
ymotongpoo
kyonmm
takuyay0ne
ks91
ewolff
oracle4engineer
geekplus_tech
ufried
akitok_
addyosmani
inesmontani
tammyeverts
marktimemedia
chikuwait
pwiseman
sergeychernyshev
davidcarrasco
eileencodes
